[analyzer][docs] CSA release notes for clang-21 #154600
base: release/21.x
Conversation
The commits were gathered using:

```sh
git log --reverse --oneline llvmorg-20-init..llvm/main \
  clang/{lib/StaticAnalyzer,include/clang/StaticAnalyzer} | grep -v NFC | \
  grep -v OpenACC | grep -v -i revert | grep -v -i "webkit"
```

FYI, I also ignored Webkit changes because I assume it's fairly specific for them, and they likely already know what they ship xD.

I used the `LLVM_ENABLE_SPHINX=ON` and `LLVM_ENABLE_DOXYGEN=ON` cmake options to enable the `docs-clang-html` build target, which generates the html into `build/tools/clang/docs/html/ReleaseNotes.html`, of which I attach the screenshots to let you judge if it looks all good or not.
@llvm/pr-subscribers-clang @llvm/pr-subscribers-clang-static-analyzer-1

Author: Balazs Benics (steakhal)

Full diff: https://github.com/llvm/llvm-project/pull/154600.diff

1 Files Affected:
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index f4f7dd8342d92..a8fd4b174cf7c 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -1198,8 +1198,6 @@ Code Completion
Static Analyzer
---------------
-- Fixed a crash when C++20 parenthesized initializer lists are used. This issue
- was causing a crash in clang-tidy. (#GH136041)
New features
^^^^^^^^^^^^
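Review bot: Removing this entry from the top-level "Static Analyzer" list drops the clang-tidy mention ("This issue was causing a crash in clang-tidy") when the entry is re-added under "Crash and bug fixes" further down; if the clang-tidy crash is what users will search for, keep that phrase in the relocated entry, e.g. "This crashed clang-tidy and the well-known overloaded-lambda pattern." Moving the entry into a subsection is otherwise the right structural fix, since nothing else sits directly under the "Static Analyzer" heading.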
@@ -1223,20 +1221,99 @@ New features
- Implemented `P2719R5 Type-aware allocation and deallocation functions <https://wg21.link/P2719>`_
as an extension in all C++ language modes.
+- Added support for the ``[[clang::assume(cond)]]`` attribute, treating it as
+ ``__builtin_assume(cond)`` for better static analysis. (#GH129234)
+
+- Introduced per-entry-point statistics to provide more detailed analysis metrics.
+ Documentation: :doc:`analyzer/developer-docs/Statistics` (#GH131175)
+
+- Added time-trace scopes for high-level analyzer steps to improve performance
+ debugging. Documentation: :doc:`analyzer/developer-docs/PerformanceInvestigation`
+ (#GH125508, #GH125884)
+
+- Enhanced the ``check::BlockEntrance`` checker callback to provide more granular
+ control over block-level analysis.
+ `Documentation (check::BlockEntrance)
+ <https://clang.llvm.org/doxygen/CheckerDocumentation_8cpp_source.html>`_
+ (#GH140924)
+
+- Added a new experimental checker ``alpha.core.FixedAddressDereference`` to detect
+ dereferences of fixed addresses, which can be useful for finding hard-coded memory
+ accesses. (#GH127191)
Crash and bug fixes
^^^^^^^^^^^^^^^^^^^
+- Fixed a crash when C++20 parenthesized initializer lists are used.
+ This affected a crash of the well-known lambda overloaded pattern.
+ (#GH136041, #GH135665)
+
+- Dropped an unjustified assertion, that was triggered in ``BugReporterVisitors.cpp``
+ for variable initialization detection. (#GH125044)
+
- Fixed a crash in ``UnixAPIMisuseChecker`` and ``MallocChecker`` when analyzing
code with non-standard ``getline`` or ``getdelim`` function signatures. (#GH144884)
+- Fixed crashes involving ``__builtin_bit_cast``. (#GH139188)
+
+- ``__datasizeof`` (C++) and ``_Countof`` (C) no longer cause a failed assertion
+ when given an operand of VLA type. (#GH151711)
+
+- Fixed a crash in ``CastSizeChecker``. (#GH134387)
+
+- Some ``cplusplus.PlacementNew`` false positives were fixed. (#GH150161)
+
Improvements
^^^^^^^^^^^^
+- Added option to assume at least one iteration in loops to reduce false positives.
+ (#GH125494)
+
- The checker option ``optin.cplusplus.VirtualCall:PureOnly`` was removed,
- because it had been deprecated since 2019 and it is completely useless (it
- was kept only for compatibility with pre-2019 versions, setting it to true is
- equivalent to completely disabling the checker).
+ because it had been deprecated since 2019. (#GH131823)
+
+- Enhanced the ``StackAddrEscapeChecker`` to detect more cases of stack address
+ escapes, including return values for child stack frames. (#GH126620, #GH126986)
+
+- Improved the ``BlockInCriticalSectionChecker`` to recognize ``O_NONBLOCK``
+ streams and suppress reports in those cases. (#GH127049)
+
+- Better support for lambda-converted function pointers in analysis. (#GH144906)
+
+- Improved modeling of ``getcwd`` function in ``StdCLibraryFunctions`` checker.
+ (#GH141076)
+
+- Enhanced the ``EnumCastOutOfRange`` checker to ignore ``[[clang::flag_enum]]``
+ enums. (#GH141232)
+
+- Improved handling of structured bindings captured by lambdas. (#GH132579, #GH91835)
+
+- Fixed unnamed bitfield handling in ``UninitializedObjectChecker``. (#GH132427, #GH132001)
+
+- Enhanced iterator checker modeling for ``insert`` operations. (#GH132596)
+
+- Improved ``format`` attribute handling in ``GenericTaintChecker``. (#GH132765)
+
+- Added support for ``consteval`` in ``ConditionBRVisitor::VisitTerminator``.
+ (#GH146859, #GH139130)
+
+- Enhanced handling of C standard streams in internal memory space. (#GH147766)
+
+- Enhanced store management with region-store-binding-limit to improve performance.
+ See `region-store-max-binding-fanout
+ <https://clang.llvm.org/docs/analyzer/user-docs/Options.html#region-store-max-binding-fanout>`_
+ config option. Overriding these options are discouraged, unless you know what you do.
+ (#GH127602)
+
+- Updated undefined assignment checker (``core.uninitialized.Assign``) diagnostics
+ to avoid using the term ``garbage``. (#GH126596)
+
+- Fixed false memory leak reports involving placement new. (#GH144341)
+
+- Avoided unnecessary super region invalidation in ``CStringChecker``.
+ (#GH146212, #GH143807)
+
+- Enhanced handling of tainted division-by-zero error paths. (#GH144491)
Moved checkers
^^^^^^^^^^^^^^
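Review bot: The "Enhanced store management with region-store-binding-limit" entry names an option that does not exist in the linked page (the link points at ``region-store-max-binding-fanout``); use the real option name in the sentence, and fix the grammar of "Overriding these options are discouraged, unless you know what you do" to "Overriding this option is discouraged unless you know what you are doing". Two more points in the same hunk: the ``alpha.core.FixedAddressDereference`` entry calls the checker "experimental" and uses the alpha name, while the next hunk moves it to ``core.FixedAddressDereference``, so the "New features" entry should use the final name and not say experimental (or the two entries should be merged); and "Dropped an unjustified assertion, that was triggered in" should read "Dropped an unjustified assertion that was triggered in". Finally, "This affected a crash of the well-known lambda overloaded pattern" is hard to parse; "This also crashed on the well-known overloaded-lambda pattern" reads better.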
@@ -1246,6 +1323,9 @@ Moved checkers
checker ``alpha.security.ArrayBound`` (which was searching for the same kind
of bugs with an different, simpler and less accurate algorithm) is removed.
+- Moved checker ``alpha.core.FixedAddressDereference`` out of the ``alpha`` package
+ to ``core.FixedAddressDereference ``. (#GH132404)
+
.. _release-notes-sanitizers:
Sanitizers
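Review bot: ``core.FixedAddressDereference `` has a space before the closing backticks; reStructuredText requires the end-string of an inline literal to be immediately preceded by non-whitespace, so Sphinx will not parse this as a literal and will emit a warning. Drop the space: ``core.FixedAddressDereference``. While touching this region, the unchanged context line "of bugs with an different, simpler and less accurate algorithm" could be corrected to "a different".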
Looks good to me. Are all of those crashes present in previously released stable versions?
To the best of my knowledge, yes. I also checked that no entries refer to commits that are only present on You can spotcheck this though.
This PR is blocked by #154608
clang/docs/ReleaseNotes.rst
Outdated
@@ -1246,6 +1323,9 @@ Moved checkers
checker ``alpha.security.ArrayBound`` (which was searching for the same kind
of bugs with an different, simpler and less accurate algorithm) is removed.
Suggested change: `of bugs with an different, simpler and less accurate algorithm) is removed.` → `of bugs with a different, simpler and less accurate algorithm) is removed.`
I decided to drop the whole second part of the sentence. I don't think it adds much value. If anything, only confuses people.
fff9d58
clang/docs/ReleaseNotes.rst
Outdated
- Added a new experimental checker ``alpha.core.FixedAddressDereference`` to detect
  dereferences of fixed addresses, which can be useful for finding hard-coded memory
  accesses. (#GH127191)
Later in "Moved Checkers" it is mentioned to be moved to stable:

- Moved checker ``alpha.core.FixedAddressDereference`` out of the ``alpha`` package to ``core.FixedAddressDereference``. (#GH132404)

Should these two entries be combined?
Great observation. Combined in a1a1d10
- Added support for ``consteval`` in ``ConditionBRVisitor::VisitTerminator``.
  (#GH146859, #GH139130)

- Enhanced handling of C standard streams in internal memory space. (#GH147766)
Suggested change: `- Enhanced handling of C standard streams in internal memory space. (#GH147766)` → `- C standard streams are no longer invalidated by all C library function calls. (#GH147766)`
- Added a new experimental checker ``core.FixedAddressDereference`` to detect
  dereferences of fixed addresses, which can be useful for finding hard-coded memory
  accesses. (#GH127191, #GH132404)
This checker should not be called "experimental" if it is not an alpha checker.